trunk: updates from dan on 9 modules

This commit is contained in:
Chris PeBenito 2007-08-22 20:02:41 +00:00
parent f65ca5f9b6
commit 8d2c34195e
10 changed files with 44 additions and 30 deletions

View File

@ -1,5 +1,5 @@
policy_module(logwatch,1.5.1) policy_module(logwatch,1.5.2)
################################# #################################
# #
@ -29,7 +29,6 @@ allow logwatch_t self:capability { dac_override dac_read_search setgid };
allow logwatch_t self:process signal; allow logwatch_t self:process signal;
allow logwatch_t self:fifo_file rw_file_perms; allow logwatch_t self:fifo_file rw_file_perms;
allow logwatch_t self:unix_stream_socket create_stream_socket_perms; allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
allow logwatch_t self:netlink_route_socket r_netlink_socket_perms;
manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t) manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t) manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
@ -73,6 +72,9 @@ term_dontaudit_list_ptys(logwatch_t)
auth_dontaudit_read_shadow(logwatch_t) auth_dontaudit_read_shadow(logwatch_t)
init_read_utmp(logwatch_t)
init_dontaudit_write_utmp(logwatch_t)
libs_use_ld_so(logwatch_t) libs_use_ld_so(logwatch_t)
libs_use_shared_libs(logwatch_t) libs_use_shared_libs(logwatch_t)
libs_read_lib_files(logwatch_t) libs_read_lib_files(logwatch_t)
@ -95,6 +97,10 @@ optional_policy(`
apache_read_log(logwatch_t) apache_read_log(logwatch_t)
') ')
optional_policy(`
auth_use_nsswitch(logwatch_t)
')
optional_policy(` optional_policy(`
avahi_dontaudit_search_pid(logwatch_t) avahi_dontaudit_search_pid(logwatch_t)
') ')
@ -116,14 +122,6 @@ optional_policy(`
mta_getattr_spool(logwatch_t) mta_getattr_spool(logwatch_t)
') ')
optional_policy(`
nis_use_ypbind(logwatch_t)
')
optional_policy(`
nscd_socket_use(logwatch_t)
')
optional_policy(` optional_policy(`
ntp_domtrans(logwatch_t) ntp_domtrans(logwatch_t)
') ')

View File

@ -1,21 +1,11 @@
policy_module(usernetctl,1.1.1) policy_module(usernetctl,1.1.2)
######################################## ########################################
# #
# Declarations # Declarations
# #
ifdef(`strict_policy',`
## <desc>
## <p>
## Allow users to control network interfaces
## (also needs USERCTL=true)
## </p>
## </desc>
gen_tunable(user_net_control,false)
')
type usernetctl_t; type usernetctl_t;
type usernetctl_exec_t; type usernetctl_exec_t;
application_domain(usernetctl_t,usernetctl_exec_t) application_domain(usernetctl_t,usernetctl_exec_t)

View File

@ -25,6 +25,7 @@ HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf
/usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) /usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0) /usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0) /usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
/usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0) /usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
/usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0) /usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)

View File

@ -1,5 +1,5 @@
policy_module(vmware,1.2.0) policy_module(vmware,1.2.1)
######################################## ########################################
# #
@ -56,6 +56,8 @@ corenet_raw_sendrecv_all_nodes(vmware_host_t)
corenet_tcp_sendrecv_all_ports(vmware_host_t) corenet_tcp_sendrecv_all_ports(vmware_host_t)
corenet_udp_sendrecv_all_ports(vmware_host_t) corenet_udp_sendrecv_all_ports(vmware_host_t)
corenet_raw_bind_all_nodes(vmware_host_t) corenet_raw_bind_all_nodes(vmware_host_t)
corenet_tcp_bind_all_nodes(vmware_host_t)
corenet_udp_bind_all_nodes(vmware_host_t)
corenet_tcp_connect_all_ports(vmware_host_t) corenet_tcp_connect_all_ports(vmware_host_t)
corenet_sendrecv_all_client_packets(vmware_host_t) corenet_sendrecv_all_client_packets(vmware_host_t)
corenet_sendrecv_all_server_packets(vmware_host_t) corenet_sendrecv_all_server_packets(vmware_host_t)

View File

@ -1,5 +1,5 @@
policy_module(avahi,1.6.0) policy_module(avahi,1.6.1)
######################################## ########################################
# #
@ -57,6 +57,7 @@ dev_read_urand(avahi_t)
fs_getattr_all_fs(avahi_t) fs_getattr_all_fs(avahi_t)
fs_search_auto_mountpoints(avahi_t) fs_search_auto_mountpoints(avahi_t)
fs_list_inotifyfs(avahi_t)
domain_use_interactive_fds(avahi_t) domain_use_interactive_fds(avahi_t)

View File

@ -69,6 +69,24 @@ interface(`fstools_exec',`
can_exec($1,fsadm_exec_t) can_exec($1,fsadm_exec_t)
') ')
########################################
## <summary>
## Read fstools unnamed pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fstools_read_pipes',`
gen_require(`
type fsdaemon_t;
')
allow $1 fsdaemon_t:fifo_file read_fifo_file_perms;
')
######################################## ########################################
## <summary> ## <summary>
## Relabel a file to the type used by the ## Relabel a file to the type used by the

View File

@ -1,5 +1,5 @@
policy_module(fstools,1.7.0) policy_module(fstools,1.7.1)
######################################## ########################################
# #
@ -69,6 +69,7 @@ files_getattr_boot_dirs(fsadm_t)
dev_getattr_all_chr_files(fsadm_t) dev_getattr_all_chr_files(fsadm_t)
dev_dontaudit_getattr_all_blk_files(fsadm_t) dev_dontaudit_getattr_all_blk_files(fsadm_t)
dev_dontaudit_getattr_generic_files(fsadm_t)
# mkreiserfs and other programs need this for UUID # mkreiserfs and other programs need this for UUID
dev_read_rand(fsadm_t) dev_read_rand(fsadm_t)
dev_read_urand(fsadm_t) dev_read_urand(fsadm_t)
@ -184,3 +185,7 @@ optional_policy(`
fs_dontaudit_write_ramfs_pipes(fsadm_t) fs_dontaudit_write_ramfs_pipes(fsadm_t)
rhgb_stub(fsadm_t) rhgb_stub(fsadm_t)
') ')
optional_policy(`
xen_append_log(fsadm_t)
')

View File

@ -1,5 +1,5 @@
policy_module(iptables,1.4.0) policy_module(iptables,1.4.1)
######################################## ########################################
# #
@ -58,6 +58,8 @@ domain_use_interactive_fds(iptables_t)
files_read_etc_files(iptables_t) files_read_etc_files(iptables_t)
files_read_etc_runtime_files(iptables_t) files_read_etc_runtime_files(iptables_t)
auth_use_nsswitch(iptables_t)
init_use_fds(iptables_t) init_use_fds(iptables_t)
init_use_script_ptys(iptables_t) init_use_script_ptys(iptables_t)
# to allow rules to be saved on reboot: # to allow rules to be saved on reboot:
@ -102,10 +104,6 @@ optional_policy(`
nis_use_ypbind(iptables_t) nis_use_ypbind(iptables_t)
') ')
optional_policy(`
nscd_socket_use(iptables_t)
')
optional_policy(` optional_policy(`
ppp_dontaudit_use_fds(iptables_t) ppp_dontaudit_use_fds(iptables_t)
') ')

View File

@ -65,6 +65,7 @@ ifdef(`distro_redhat',`
/var/lib/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) /var/lib/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
/var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0) /var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)

View File

@ -1,5 +1,5 @@
policy_module(miscfiles,1.3.0) policy_module(miscfiles,1.3.1)
######################################## ########################################
# #